Most recent kernel where this bug did *NOT* occur: Don't know, I just found a report for 2.6.19.1 with the same symptoms, no older ones have shown up (but I didn't compile much stuff before this way, so...). There it generated a string of 8 or so Oopses (reported separately).
Distribution: Aurora Corona
Hardware Environment: SPARC Station Ultra 1
Software Environment: gcc-4.1.1-30.1, binutils-2.17.50.0.3-6.sparc, nfs-utils-1.0.9-8.al3
Problem Description: Trying to compile a package on an x86_64 (Fedora rawhide, fully up to date) which automounts my account from the SPARC produces an Oops (attached), and nfsd hangs. "service nfs status" reports that nfsd is dead, trying "service nfs start" complains that the port is in use.
Steps to reproduce:

Oops report:

Jan 8 18:50:02 pincoya kernel: Unable to handle kernel NULL pointer dereference
Jan 8 18:50:02 pincoya kernel: tsk->{mm,active_mm}->context = 0000000000000901
Jan 8 18:50:02 pincoya kernel: tsk->{mm,active_mm}->pgd = fffff800378ee000
Jan 8 18:50:02 pincoya kernel: \|/ ____ \|/
Jan 8 18:50:02 pincoya kernel: "@'/ .. \`@"
Jan 8 18:50:02 pincoya kernel: /_| \__/ |_\
Jan 8 18:50:02 pincoya kernel: \__U_/
Jan 8 18:50:02 pincoya kernel: nfsd(2605): Oops [#8]
Jan 8 18:50:02 pincoya kernel: TSTATE: 0000004480009604 TPC: 0000000000474304 TNPC: 0000000000474308 Y: 00000000 Not tainted
Jan 8 18:50:02 pincoya kernel: TPC: <put_page+0xc/0xf4>
Jan 8 18:50:02 pincoya kernel: g0: 0000000000000000 g1: 000000000000000c g2: 0000000000004000 g3: 000000000000f000
Jan 8 18:50:02 pincoya kernel: g4: fffff800344eb020 g5: 00000000006f7961 g6: fffff80034518000 g7: 000000000000000c
Jan 8 18:50:02 pincoya kernel: o0: 0000000000000001 o1: 0000000000000001 o2: 000000000046c8ac o3: 0000000000000002
Jan 8 18:50:02 pincoya kernel: o4: 0000000000000001 o5: 000000000046c86c sp: fffff8003451ae51 ret_pc: 00000000005e3b08
Jan 8 18:50:02 pincoya kernel: RPC: <_read_unlock_irq+0x28/0x48>
Jan 8 18:50:02 pincoya kernel: l0: fffff80003627c68 l1: 0000000000000000 l2: fffff800000002c0 l3: 00000000004f21d4
Jan 8 18:50:03 pincoya kernel: l4: 0000000000000150 l5: fffff80034516000 l6: 00000000101d4c98 l7: 0000000000000018
Jan 8 18:50:03 pincoya kernel: i0: 0000000000000000 i1: fffff800001f2618 i2: 000000000000002a i3: 0000000000000009
Jan 8 18:50:03 pincoya kernel: i4: fffff8003451b8a0 i5: fffff800366fea68 i6: fffff8003451af11 i7: 00000000101b0774
Jan 8 18:50:03 pincoya kernel: I7: <nfsd_read_actor+0xbc/0xf8 [nfsd]>
Jan 8 18:50:03 pincoya kernel: Caller[00000000101b0774]: nfsd_read_actor+0xbc/0xf8 [nfsd]
Jan 8 18:50:03 pincoya kernel: Caller[000000000046d230]: do_generic_mapping_read+0x15c/0x444
Jan 8 18:50:03 pincoya kernel: Caller[000000000046d554]: generic_file_sendfile+0x3c/0x50
Jan 8 18:50:03 pincoya kernel: Caller[00000000101ae674]: nfsd_vfs_read+0x29c/0x3cc [nfsd]
Jan 8 18:50:03 pincoya kernel: Caller[00000000101aec38]: nfsd_read+0x9c/0xb0 [nfsd]
Jan 8 18:50:03 pincoya kernel: Caller[00000000101b5f88]: nfsd3_proc_read+0xd8/0x114 [nfsd]
Jan 8 18:50:03 pincoya kernel: Caller[00000000101aa2ec]: nfsd_dispatch+0xdc/0x1f0 [nfsd]
Jan 8 18:50:03 pincoya kernel: Caller[00000000100e2e54]: svc_process+0x448/0x74c [sunrpc]
Jan 8 18:50:03 pincoya kernel: Caller[00000000101aaa1c]: nfsd+0x19c/0x31c [nfsd]
Jan 8 18:50:03 pincoya kernel: Caller[000000000041797c]: kernel_thread+0x38/0x48
Jan 8 18:50:03 pincoya kernel: Caller[00000000100e249c]: __svc_create_thread+0x144/0x178 [sunrpc]
Jan 8 18:50:03 pincoya kernel: Instruction DUMP: 81cfe008 01000000 9de3bf40 <c25e0000> 05000010 90100018 82084002 02c84006 92062008

Not an NFS client issue. Reassigning to Neil Brown.
*** Bug 7798 has been marked as a duplicate of this bug. ***
Created attachment 10043: Possible patch to fix problem

Thanks for the report. It looks like we are falling off the end of an array when we receive a maximum-sized read request that is not page-aligned. Please try this patch and report the result.
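
The arithmetic behind this diagnosis, as an added example that is not part of the bug thread or of the attached patch: a maximum-sized read that starts mid-page touches one more page than an aligned one, so a page table sized for the aligned case is one slot short. The page size, maximum payload, slot counts and function names below are assumptions chosen for illustration, not values from nfsd.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SZ     4096u                        /* assumed page size */
#define MAX_PAYLOAD (32u * 1024u)                /* assumed largest accepted read */
#define SLOTS_TIGHT (MAX_PAYLOAD / PAGE_SZ)      /* sized for aligned reads only */
#define SLOTS_SAFE  (MAX_PAYLOAD / PAGE_SZ + 1)  /* room for one straddled page */

/* Number of distinct pages a read of len bytes at file offset off touches. */
static size_t pages_spanned(size_t off, size_t len)
{
    if (len == 0)
        return 0;
    return (off % PAGE_SZ + len + PAGE_SZ - 1) / PAGE_SZ;
}

/*
 * Model of a per-page read callback filling a fixed table of page slots
 * (hypothetical, not the nfsd code). Returns the number of slots used,
 * or -1 when the read needs more slots than the table has, which is the
 * point where an unchecked index would run off the end of the array.
 */
static int fill_slots(size_t off, size_t len, size_t nslots)
{
    size_t used = 0;

    while (len > 0) {
        size_t in_page = PAGE_SZ - off % PAGE_SZ;    /* bytes left in this page */
        size_t chunk = len < in_page ? len : in_page;

        if (used == nslots)
            return -1;                               /* refuse instead of overrunning */
        used++;                                      /* a server would record the page here */
        off += chunk;
        len -= chunk;
    }
    return (int)used;
}

int main(void)
{
    printf("aligned max read, tight table:   %d\n", fill_slots(0, MAX_PAYLOAD, SLOTS_TIGHT));
    printf("unaligned max read, tight table: %d\n", fill_slots(100, MAX_PAYLOAD, SLOTS_TIGHT));
    printf("unaligned max read, safe table:  %d\n", fill_slots(100, MAX_PAYLOAD, SLOTS_SAFE));
    return 0;
}
```
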
Setting to "NEEDINFO".
Just tried, your patch on 2.6.20-rc4 made the build of a package go through. It looks fixed. Will you queue this for 2.6.19.3?
On Thursday January 11, bugme-daemon@bugzilla.kernel.org wrote:
> Just tried, your patch on 2.6.20-rc4 made the build of a package go through. It
> looks fixed.

Thanks for testing.

>
> Will you queue this for 2.6.19.3?

Hopefully. I have to send off a bunch of patches today for 2.6.20 and some of them should go to -stable too.

NeilBrown
This patch isn't in 2.6.20-rc5 as of today (20070124). Will it be in 2.6.19.3?
This is now in Linus' tree
*** Bug 7796 has been marked as a duplicate of this bug. ***